Y
Yogi Bear
Hi all,
I found there is a ssdt hook to ntconnectport function (0x1f) in my windows xp sp2,
the function address was changed to 0x86xxxxxx (which was changed after reboot) and
not within any module(RootkitRevealer and RkUnhooker show "unknown module filename").
maybe it's a trojan horse?
sorry for my english and TIA
I found there is a ssdt hook to ntconnectport function (0x1f) in my windows xp sp2,
the function address was changed to 0x86xxxxxx (which was changed after reboot) and
not within any module(RootkitRevealer and RkUnhooker show "unknown module filename").
maybe it's a trojan horse?
sorry for my english and TIA